Password-less SSH Login

// May 8th, 2006 // Technology Bits

On occasion I need to establish trust relationships between Unix boxes so that I can script file transfers. In short, here’s how you leverage SSH to do that. Using the example of connecting from server ‘ender’ to get a file on ‘bean’, follow these steps:

  1. Connect to ender
  2. type: ssh-keygen -t rsa
    • default directory for keyfiles will be ~/.ssh/
    • if you do not want to be prompted, leave passphrase blank
  3. copy the contents of .ssh/id_rsa.pub (there should only be one line)
  4. place this line on bean, in ~/.ssh/authorized_keys
  5. that’s it, you should now be able to ssh/sftp/scp from ender to bean without being prompted for a password!
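
Steps 3 and 4 done as a script on bean, as an added example that is not from the original post: it appends the public key line to the authorized_keys file only once and sets file modes that sshd's StrictModes check accepts. The function names and the sample key in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Run on bean, the target host.
# Usage: install_pubkey "$HOME" 'ssh-rsa AAAA...constructed... user@ender'

# Succeeds if the path is writable by group or other.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Append one public key line to <home>/.ssh/authorized_keys, idempotently.
install_pubkey() {
    home=$1; key=$2
    ssh_dir="$home/.ssh"; auth="$ssh_dir/authorized_keys"
    # Refuse multi-line input: id_rsa.pub is exactly one line.
    case "$key" in *"
"*) echo "expected a single line" >&2; return 2 ;; esac
    # Refuse anything that is not a public key line (e.g. a pasted private key).
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 2 ;;
    esac
    # authorized_keys is a file inside ~/.ssh, not a directory.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Report paths that are group- or world-writable; with StrictModes on,
# sshd ignores the key file in that case and falls back to the password prompt.
audit_ssh_perms() {
    home=$1; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if is_loose "$p"; then
            echo "too permissive: $p" >&2
            rc=1
        fi
    done
    return $rc
}
```

If the password prompt still appears after installing the key, run `audit_ssh_perms "$HOME"` on bean before changing anything else.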

For further detail and a more complete example check this site out.

Update: You must have "RSAAuthentication yes" in your /etc/ssh/sshd_config file. On many Linux installations this setting is commented out in a default install.


14 Responses to “Password-less SSH Login”

  1. [...] Zach over at NoSheep has written a really nice article about how to configure a SSH trust relationship on UNIX systems. By doing this, you can prevent the system from prompting you for a password, thus allowing the user to use scripted solutions to move files around with sftp, etc. He didn’t mention, however, that to get this up and working correctly under Solaris, you have to uncomment the following lines in your /usr/local/etc/ssh_config file: [...]

  2. Jon says:

    Using these instructions I’ve just set up my Mac OSX desktop to connect to one of our servers without the need for a password.

    I also saved the connection info in a terminal shortcut so I can connect to the server just as easily as I can open a terminal window.

    Thanks for these instructions!

  3. earle goodfellow says:

    I was having trouble getting this working but a bit of research led me to making the authorized_keys file non group writeable… then it all burst into life

  4. [...] Zach has posted a good quick reference for setting up SSH to use a shared key for authentication instead of a password on a UNIX system. It’s important to keep your keys secure, but this can allow you to set up scripts to execute commands or move files between multiple hosts without prompting for passwords. [...]

  5. Marc says:

    Maybe I’m paranoid, but having a private key without a passphrase freaks me out, so I use a key with a passphrase and then I use keychain (from the Gentoo project) to cache my decrypted keys in an ssh-agent process.

    It’s too involved for me to post all the details, but if folks want, I could possibly detail it all in a blog post.

  6. zbtirrell says:

    I’d certainly be curious.

  7. kc says:

    One other thing that you may want to check is that the authorized_keys file does not have group and world read/write permissions set. It had me stumped until I did a tail on the messages/secure log file to understand what was happening.

  8. Saurabh says:

    I have seen many sites which give instructions for passwordless connection. But this one is really very handy and truly works fine.

  9. Storm says:

    For those who are as dense as myself.. authorized keys is a file, not a directory.. when you put it in, it is appending a file, not adding files to a directory.

  10. [...] Zach has a good article about setting up ssh with key authentication which will allow you to use the scp and ssh commands without a password while still maintaining security. For more tips like this check out my book Easy Linux Commands, only $19.95 from Rampant TechPress. Buy it now! [...]

  11. Dustin says:

    I am not sure about everybody else but for me the permissions on the .ssh directory were very important. I was not able to get this to work unless I removed all from group and other. A chmod 600 or 700 might be required.

    Thanks for the help. Nice tutorial!

  12. [...] a fairly low-tech solution, but its simple and it works for me. The only tricky bit was setting up passwordless ssh login so the script in part 2 could access the live server. It was a tad involved but I used the [...]

  13. sirish says:

    Hey guys, can you help me? I’m unable to work with this. Can any one of you help me to find a solution for this? Please, please, please.
    I have two servers named A & B. I need to connect to “B” and send files from “A” using scp. It is asking me for a password even though I have done the above. Please help me to solve this.

  14. [...] Furthermore, you can setup key authentication such that you can use scp without being prompted for a password (handy when working with wildcards). For details on doing that, see this tutorial on password-less ssh. [...]
